We are a small software company and we are planning to onboard Sonar as a code review tool. Now based on what we have seen so far, the pricing for SonarQube and SonarCloud seems identical (yearly vs monthly x12 ) .
So what exactly is the difference between the 2 of them?
Just that the code review is run on our server (Sonarqube) and on Sonar servers (Sonarcloud) ?

I would say it depends on your needs and configuration.
Let’s try to answer some questions that might be interesting for you :

Where do you host your code ?

From your past posts in this community, it seems that your code is hosted on GitHub.com

SonarQube is meant to be integrated with on-premise solutions like GitHub Enterprise or BitBucket Server for example

SonarCloud is meant to be integrated with cloud solutions like GiHub.com or BitBucketCloud for example

How do you want to maintain SonarQube/SonarCloud and upgrade to the latest versions, rules etc ?

For SonarQube, you will install it, along with the database and you can update it when we release approximately every 2 months if you want to get the latest features we implement.

For SonarCloud, you will benefit from all the features that we deploy continuously automatically.

Pricing

Community edition is free, and comes with language analysers for 15 languages and SonarLint. Developer Edition and above editions are commercial solutions that come with branch and PR analysis, smart notifications for SonarLint, Governance etc… See here.

SonarCloud is free for your free GitHub organizations, comes with branch and PR analysis, 20+ languages and SonarLint as wel.
You have to pay for private organizations. You can see details here

On top of these main topics, there are differences as well on Support, third-party integration, source code hosting…

I would recommend you to reach out to one of our sales at contact@sonarsource.com if you need more details so we’ll be able to help you make the right choice

To complement Aurélie’s points, one of the questions you should ask yourself essentially is: where is you build pipeline (your Continuous Integration environment) currently running? (independently from SonarQube/SonarCloud)

If your whole toolchain is already using online services (e.g. GitHub+Travis, or Bitbucket Pipelines, or Azure Pipelines online) then it likely means SonarCloud is a good fit (you’ll be leveraging native integrations we offer with these online tools, and wouldn’t have to maintain an on-prem installation when you’re used to consuming online services).

If you build/test/package your application(s) on-prem, than fitting in an on-prem product like SonarQube likely makes more sense, as you’d likely want to avoid having a CI setup that spans across on-prem and cloud, with all of the technical considerations that this might imply (e.g. firewalls, NATs etc.).

A quick note too, to make it very clear from a static code analysis benefit point of view engine: SonarCloud runs the same Static Code Analysis engine as SonarQube Developer Edition.

Totally agree with Aurélie that, should you have any specific requirement/doubt, contacting SonarSource directly is a good way to clarify things (as was opening this topic in the first place). Mid-term our Product Marketing folks are also working on having clearer guidance available online to guide through our product offering.

There are also some subtle distinctions between how SonarQube and SonarCloud work that may or may not be important to you. One example is that SonarQube supports inline annotations in GitHub Pull Requests while SonarCloud does not.

SonarQube 7.7 Developer Edition
When I am running an analysis on the project for the first time it scans properly and shows all issues.
When I rerun the scan. It doubles the lines of the project.
Then with every run it doubles
eg.
1st run 50k
2nd run 100k
3rd run 200k
Please help
[02%20PM]

@edwagner
I think PR comments have been dropped and all reports are in the checks section.